We are looking for a skilled Information Security Governance, Risk and Compliance (GRC) Specialist to join the Avaloq CISO Governance team. The CISO Governance team is responsible for developing, implementing and maintaining our organization's Information Security governance, risk management and compliance programs. The ideal candidate has a deep understanding of information security practices, regulatory requirements and risk management frameworks. The role is based in Manila.
Your key responsibilities
Your key responsibilities will include the following domains. You don't have to be an expert on everything, but you must be willing to learn!
- Governance and Compliance
  - Participate in the development and maintenance of Avaloq's information security governance framework.
  - Lead and aid with compliance-related issues across stakeholders.
  - Work closely with internal and external audits, both to support the audit activities and to manage the remediation of findings.
  - Report to management and relevant stakeholders on compliance status and security governance effectiveness.
- Policy Management
  - Provide guidance and assist in the drafting, revision and implementation of security policies and procedures.
  - Monitor and evaluate the effectiveness of implemented policies and procedures.
  - Participate in regular policy reviews to ensure alignment with changing regulations and organizational objectives.
- Security Risk Management
  - Conduct and guide risk assessments to identify potential security threats and vulnerabilities.
  - Conduct security assessment of third-party vendors to evaluate compliance with Avaloq's security standards.
  - Monitor third-party compliance with agreements and performance against organizational benchmarks.
- Awareness and Advocacy
  - Be an advocate for security among your colleagues.
  - Participate in the development and implementation of a comprehensive cybersecurity awareness program.
  - Craft engaging and informative security training materials for Avaloq employees.
  - Measure the effectiveness of employees' knowledge and competencies and adapt strategies based on feedback and trends.
  - Participate in internal security awareness activities such as new employee onboarding.
  - Stay updated with the latest developments in information security, risk management and compliance.
Qualifications:
- Educational Background: A bachelor's degree in information technology, computer science or a related field.
- Professional Experience: 24 years of experience in a GRC-related role or relevant industry experience (e.g. IT auditing financial regulatory risk management).
- Language skills: Professional proficiency in English is mandatory; proficiency in German or Italian is a plus.
- Excellent analytical, problem-solving and communication skills.
- Ability to work independently and as part of a multicultural team.
It would be a real bonus if you have:
- Professional certifications such as CRISC, CISSP, CISA or GRCP.
- Strong knowledge of regulatory requirements and industry standards such as ISO 27001, ISO 27005, DORA, MAS regulations, etc.
- Knowledge of cloud security and related compliance concerns.
Additional Information:
We realize that managing work-life balance is a challenge we all face in our daily lives. To support this, we are pleased to offer hybrid and flexible working for most of our Avaloqers, to maintain work-life balance and still continue our fantastic Avaloq culture in our global offices.
At Avaloq, we are proud to embrace diversity and understand that the success of our business is built on the power of different opinions. We are wholeheartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.
We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique. We have done our best to write this advert in an inclusive and neutral way.
Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.
Remote Work: No
Employment Type: Full-time